VYPR

Kernel

by Linux

Source repositories

CVEs (15,869)

  • CVE-2016-1237MedJun 29, 2016
    risk 0.29cvss 5.5epss 0.00

    nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.

  • CVE-2014-9903MedJun 27, 2016
    risk 0.29cvss 5.5epss 0.00

    The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call.

  • CVE-2015-4178MedMay 2, 2016
    risk 0.29cvss 5.5epss 0.00

    The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system…

  • CVE-2015-4177MedMay 2, 2016
    risk 0.29cvss 5.5epss 0.00

    The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an…

  • CVE-2015-4176MedMay 2, 2016
    risk 0.29cvss 5.5epss 0.00

    fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory.

  • CVE-2015-2672MedMay 2, 2016
    risk 0.29cvss 5.5epss 0.00

    The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service…

  • CVE-2015-1573MedMay 2, 2016
    risk 0.29cvss 5.5epss 0.00

    The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.

  • CVE-2011-5321MedMay 2, 2016
    risk 0.29cvss 5.5epss 0.00

    The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a…

  • CVE-2008-7316MedMay 2, 2016
    risk 0.29cvss 5.5epss 0.00

    mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length.

  • CVE-2016-2383MedApr 27, 2016
    risk 0.29cvss 5.5epss 0.00

    The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF…

  • CVE-2016-2085MedApr 27, 2016
    risk 0.29cvss 5.5epss 0.00

    The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack.

  • CVE-2015-8845MedApr 27, 2016
    risk 0.29cvss 5.5epss 0.00

    The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing…

  • CVE-2015-8844MedApr 27, 2016
    risk 0.29cvss 5.5epss 0.00

    The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.

  • CVE-2016-0821MedMar 12, 2016
    risk 0.29cvss 5.5epss 0.00

    The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection…

  • CVE-2015-7550MedFeb 8, 2016
    risk 0.29cvss 5.5epss 0.00

    The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted…

  • CVE-2014-8559MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.01

    The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.

  • CVE-2014-3690MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.01

    arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system…

  • CVE-2014-3647MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.01

    arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

  • CVE-2014-3646MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.00

    arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

  • CVE-2014-3610MedNov 10, 2014
    risk 0.29cvss 5.5epss 0.01

    The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest…

Page 576 of 794